There are various cipher suites available in the CSS for encrypting SSL traffic (if you have the SSL module, that is…). You can choose which to support and weight them in your SSL proxy list if you don’t agree with Cisco’s interpretation of which should be used first.

A customer just asked me what key length the “rsa-with-3des-ede-cbc-sha” cipher used, since most of the other cipher names have a key-length in their name, but this one doesn’t. Also, confusingly, browsers didn’t seem to agree on what was in use either – IE6 said it was 128-bit, Firefox said 168-bit and IE7 didn’t say anything at all.

Contexts are used to partition the ACE module into multiple “virtual modules”. This enables its use in a Datacentre (for example) where customers can manage their own load-balancing configuration without affecting the configuration of other customers.

Obviously you don’t want to give complete access to a customer – there are some parameters that you don’t want them to change at all, such as IP addressing on the interfaces etc. So within a customer’s context, they get only a subset of the available commands.

I’ve recently been configuring up a pair of Cisco ACE (Application Control Engine) blades for a customer to install into a Cat 6509. These things are pretty new and constitute the latest generation of their content-switching products. They’re so new in fact that there doesn’t appear to be a sample configuration to be had anywhere on Cisco’s website.

If you want some basic product overview stuff, have a look at this page.

What I wanted to do was to configure basic layer-3 load-balancing, with a public Virtual IP address (VIP) and a pair of servers at the back-end. If you’ve not used a service module in a Catalyst 6500 before, it is a bit odd to get your head around.